List/inspect/watch local OpenAI Codex sessions (CLI + VS Code) using the CodexMonitor Homebrew formula. Reads sessions from ~/.codex/sessions by default (or...
Security Analysis
High confidence: The skill's requirements and instructions align with its stated purpose: it expects a Homebrew-installed codexmonitor binary and reads local Codex session files (~/.codex/sessions); nothing requested is disproportionate or unrelated.
Name/description (list/inspect/watch local Codex sessions) match the declared requirements: a codexmonitor binary installed via the cocoanetics/tap Homebrew formula. No unrelated binaries or credentials are requested.
SKILL.md instructs the agent to run the codexmonitor binary and to read session files under ~/.codex/sessions (or CODEX_SESSIONS_DIR / CODEX_HOME). Accessing these local session files is sensitive but is directly relevant to the tool's purpose.
Installation uses a Homebrew formula from a third-party tap (cocoanetics/tap). Homebrew installs a binary to disk which will be executed; this is expected but higher-risk than an official/mainstream tap — verify the tap/formula before installing.
No required environment variables or credentials are declared. Optional env vars mentioned (CODEX_SESSIONS_DIR, CODEX_HOME) are appropriate for overriding the sessions path.
Skill is not always-enabled and does not request elevated platform privileges. It does not declare modifications to other skills or global agent configs.
Guidance
This skill appears coherent with its purpose, but take these precautions before installing: (1) Verify the Homebrew tap and formula (cocoanetics/tap) and review the GitHub repo to ensure the binary is trustworthy. Third‑party taps can install arbitrary code. (2) Be aware codexmonitor reads your local Codex session files (~/.codex/sessions), which may contain sensitive prompts or data — only install if you trust the binary. (3) Consider inspecting the installed binary or running it in a restricted environment (sandbox, VM) and monitor network activity the first time you run it. (4) If you need stronger assurance, ask for the formula/source of the codexmonitor binary and have it reviewed before installing.
Latest Release
v0.2.2
fix: use /Users/oliver/clawd for workspace root to preserve symlink paths
Published by @odrobnik on ClawHub